As it is supported by cedar (rust), policy decision response should be available in a JSON formatted manner.

Description

In Cedar language, you can create templates (with placeholders) for your policies. That will be filled with provided entities.
For more information see: https://www.cedarpolicy.com/en/tutorial/policy-templates

Description

At this time, an issue document is not normalized.

Expected Behavior

Provide templates for:

• Bug
• Enhancement
• Pull request

Expected Behavior

Logging inside WASM module should be exposed to the user instead of panicking.

Actual Behavior

When an error occurs, the WASM module panic and exposes an error like this:

engine_test.go:44: wasm error: unreachable
        wasm stack trace:
        	.rust_panic()
        		0x1dd9d7: /rustc/84c898d65adf2f39a5a98507f1fe0ce10a2b8dbc/library/panic_abort/src/lib.rs:83:17 (inlined)
        		          /rustc/84c898d65adf2f39a5a98507f1fe0ce10a2b8dbc/library/panic_abort/src/lib.rs:37:5 (inlined)
        		          /rustc/84c898d65adf2f39a5a98507f1fe0ce10a2b8dbc/library/std/src/panicking.rs:744:9
        	._ZN3std9panicking20rust_panic_with_hook17h7f7102b82d51338fE(i32)
        		0xc7c1d: /rustc/84c898d65adf2f39a5a98507f1fe0ce10a2b8dbc/library/std/src/panicking.rs:714:5
        	._ZN3std9panicking19begin_panic_handler28_$u7b$$u7b$closure$u7d$$u7d$17hfa40135feb109919E(i32)
        		0x1dda27: /rustc/84c898d65adf2f39a5a98507f1fe0ce10a2b8dbc/library/std/src/panicking.rs:583:13
        	._ZN3std10sys_common9backtrace26__rust_end_short_backtrace17haf21bfec9a028e09E(i32)
        		0x1dd9de: /rustc/84c898d65adf2f39a5a98507f1fe0ce10a2b8dbc/library/std/src/sys_common/backtrace.rs:150:18
        	.rust_begin_unwind(i32)
        		0x185760: /rustc/84c898d65adf2f39a5a98507f1fe0ce10a2b8dbc/library/std/src/panicking.rs:579:5
        	._ZN4core9panicking9panic_fmt17he4489d678d6570d5E(i32,i32)
        		0x320: /rustc/84c898d65adf2f39a5a98507f1fe0ce10a2b8dbc/library/core/src/panicking.rs:64:14
        	._ZN4core6result13unwrap_failed17h9c69c0d7a98df92bE(i32,i32,i32,i32,i32)
        		0x2dee8: /rustc/84c898d65adf2f39a5a98507f1fe0ce10a2b8dbc/library/core/src/result.rs:1750:5
        	.is_authorized(i32,i32,i32,i32,i32,i32,i32,i32) i64
      ```

The only way I got partial evaluation to work was to use Request::RequestBuilder since you might be missing the principal, action, or resource. I don't mind sharing my code, but I'm sure my code is horrific since this is the first time I write any Rust code.

I also had to convert the entity store into a partial evaluation compatible one using Entities::partial

Joffref one question, is it allow to use un when {} clauses here? because i have the following policy:

permit(
principal in Role::"admin",
action == Action::"create",
resource
)
when {
resource.id like "/inventory*"
};
i already review everything but the policy is answering Deny, however i tried the same policy with the same data in Cedar Playground and responds allow, do you know why?

To avoid human mistakes (not pushing the updated binary), WASM binary must be built and added during the merge step.

@Joffref, amazing work! Really love what you've done here! This library is both useful and a great reference for learning.

I'd love to be able to validate Cedar policies programmatically using Go, is that something you're open to implementing?

Thanks again for making this lib a reality!

• Liam

Description

Few days ago the binding has been patched to ensure allocation inside rust code is persisted to avoid overriding in-memory values, but no test were added to avoid regression.

Possible solution

Implement tests to avoid regression.